Challenge

Auckland University of Technology, one of the fastest growing universities in New Zealand, is faced with rapidly increasing system security demands. While Nessus® had met AUT’s needs for many years, it was felt that AUT should move up to SecurityCenter Continuous ViewTM to:

Better manage the increasing number of vulnerability scans

Reduce the time to perform each scan

Gain a more holistic view of the university’s security posture

Better manage and share reports

Auckland University of Technology

Auckland University of Technology (AUT) is the second largest university in New Zealand. Established in 1895 as the Auckland Technical School, it was renamed Auckland University of Technology in enero 2000 when it was granted university status.

AUT has three teaching campuses located in south Auckland, Auckland’s CBD and on the North Shore; and three specialist facilities: the Centre for Refugee Education, the Radio Astronomy Observatory in Warkworth and AUT Millennium.

With more than 28,000 students enrolled in undergraduate and postgraduate programmes, AUT has consistently been a leader in enrollment growth for both New Zealand and international students across a wide range of professional disciplines.

The Problem

AUT has been using Tenable’s Nessus vulnerability scanner for a number of years. During that time, they have augmented Nessus with in-house developed tools that feed reports into AUT’s monitoring system for wider visibility. This configuration worked fine for asset management and discovery; the AUT security team was able to look at common high impact vulnerabilities that could be addressed quickly, and they have been able to track the status of patching levels easily.

However, AUT’s growing security requirements have been stretching their operational staff resources. They felt the need to upgrade for several reasons:

The increasing amount of manpower required to perform and manage more and more active scans

The difficulty in acquiring a macro view of the university’s security posture

The need for better scheduling control

The need for better reporting capabilities and distribution mechanisms

While AUT was a satisfied Nessus customer, they were looking to expand its use and capabilities. So the security team performed a market survey to establish a baseline for vendors in the vulnerability management category. AUT was fortunate to be able to take advantage of a collective licensing agreement between Tenable and a consortium of APAC higher education institutions (CAUDIT) 1.

“Together with AUT’s excellent experience with Nessus and the CAUDIT pricing model,” said Brian Green, AUT Security and Access Manager, “we felt confident that moving up to SecurityCenter Continuous View provided the best overall solution and outcome.”

From a technology perspective, AUT has consolidated data from across the university through Nessus scans, Nessus Network Monitor and the Log Correlation EngineTM (LCE®). Reports will be shared with a much wider audience through email distributions, providing greater business value for all security personnel. “Productivity has improved with SecurityCenter’s superior scan management capabilities,” explained Green, “providing greater visibility into our university-wide security posture and vulnerability management.”

From a business and financial point of view, having a local reseller in Australasia reduced the sales cycle and got AUT up and running in a shorter timeframe. And according to Green, “the Tenable customer experience was painless.”

The Results

With SecurityCenter CV, the AUT security team has better control of and visibility into university- wide cybersecurity, including:

Centralized management over dozens of scans and scan schedules

Reduced manpower to run scans

A macro view of the entire university’s security posture from one console, enabling proactive monitoring

Custom reports and dashboards which provide greater flexibility for generating more relevant and timely analytics

The AUT security team has used all the SecurityCenter CV components – Nessus, LCE and Nessus Network Monitor – to great advantage. “SecurityCenter fosters insight, collaboration, and efficiencies across all systems,” said Green.